Malware

Operation Zero Disco exploits Cisco SNMP flaw for rootkits

Lisa Kern

Cyber threat actors in Operation Zero Disco have exploited a vulnerability in Cisco's SNMP service to install persistent Linux rootkits on network devices. The campaign targets older Cisco switches and uses crafted packets to achieve remote code execution. Trend Micro researchers disclosed the attacks on October 16, 2025, highlighting risks to unpatched systems.

TransparentTribe targets Indian military Linux systems with DeskRAT

Lisa Kern

Pakistan-linked threat group TransparentTribe has launched a phishing campaign since June 2025 to deploy the Golang-based DeskRAT malware on Linux systems in Indian defense networks. The attacks exploit BOSS Linux through malicious ZIP files disguised as official documents. Cybersecurity firms CYFIRMA and Sekoia.io have analyzed the operation, highlighting its ties to regional unrest.

Qilin ransomware deploys Linux binaries against Windows systems

Lisa Kern

The Qilin ransomware group, also known as Agenda, has developed a hybrid attack using Linux payloads on Windows hosts to evade detection. By abusing legitimate remote management tools and exploiting vulnerable drivers, attackers disable defenses and target backups. This cross-platform tactic highlights evolving ransomware sophistication.

Xubuntu website hacked to serve Windows malware

Lisa Kern

The official Xubuntu website has been compromised, redirecting torrent downloads to a malicious zip file containing Windows malware. The attack was discovered through user reports on Reddit, prompting the team to take down the affected page. Xubuntu contributors are collaborating with Canonical to resolve the issue.

Malicious npm packages steal developer credentials on multiple platforms

Lisa Kern

Ten typosquatted npm packages, uploaded on July 4, 2025, have been found downloading an infostealer that targets sensitive data across Windows, Linux, and macOS systems. These packages, mimicking popular libraries, evaded detection through multiple obfuscation layers and amassed nearly 10,000 downloads. Cybersecurity firm Socket reported the threat, noting the packages remain available in the registry.

Malicious npm packages deliver infostealer malware to developers

Lisa Kern

Security firm Socket has uncovered ten malicious packages in the npm repository that target developers on Windows, macOS, and Linux systems. These packages, available since July, use typosquatting and sophisticated obfuscation to install infostealer malware. The malware steals credentials from browsers, SSH keys, and configuration files before exfiltrating data to attackers.

LinkPro rootkit exploits Linux eBPF for stealthy attacks

Lisa Kern

A new rootkit called LinkPro has been targeting GNU/Linux systems, using eBPF technology to hide malicious activities and evade detection. Discovered in a compromised AWS infrastructure, it spreads via vulnerable Jenkins servers and malicious Docker images. The malware provides attackers with remote access while masquerading as legitimate system components.

TransparentTribe deploys DeskRAT against Indian military Linux systems

The Pakistani-linked hacking group TransparentTribe has escalated its cyber espionage by targeting Linux-based systems in Indian military organizations with a new Golang-based remote access trojan called DeskRAT. The campaign, traced back to June 2025, uses sophisticated phishing tactics to deliver the malware. This development highlights the group's advancing technical capabilities amid regional tensions.

Thousands of YouTube videos disguised as cheat codes removed for spreading malware

YouTube has removed thousands of videos that were disguised as cheat codes but actually spread malware. These videos were part of a network known as the YouTube Ghost Network. The videos had garnered hundreds of thousands of views.